plain source -> encrypted destination: rsync + gpg

Martin Langhoff ml at
Thu Jun 26 16:38:37 EST 2003

We want to keep a backup or a mirror of your files in a server we don't 
fully trust. You can have an encrypted FS on a file, and copy the 
complete FS to the untrusted server, but it is inefficient, and you get 
no granularity at all.

In our case, the remote server runs amanda, and we want to use amanda's 
power to restore files selectively -- yet don't give away our privacy. 
(We are, in fact, the administrators, not the end users, and we are 
trying to offer good quality backups with good privacy).

Rsync seems to come quite close -- so close that I am tempted to write a 
shell script. The implementation I am thinking of is quite inelegant: 
keep a "shadow" copy of the source files (encrypted using pgp),   rsync 
the shadow directory and the destination.

Are there ways to hook into rsync and preprocess the file before it is 
checksummed and sent  over? Are there other alternatives? (hopefully 
more elegant than maintaining a shadow copy of all the files!).

There's an "GPG and Rsync" thread describing almost exactly what we want

And also rsync-backup seems to be almost there -- but things seem to be 
happening at the server end.



More information about the rsync mailing list